Detects that a user has been authenticated since the start of the request and starts a new session.

This is essentially a generalization of the functionality that was implemented for SEC-399.
Additionally, it will update the configured SessionRegistry if one is in use, thus preventing problems when used
with Spring Security's concurrent session control.